<?php
include_once("mysql_connect.inc.php");
include_once("hash.php");


// Select the database named by the VELOCITY constant. No link argument is passed,
// so the legacy mysql extension uses the most recently opened connection.
// NOTE(review): VELOCITY is not defined in this file (presumably by an include, confirm).
// The return value is not checked, so a failed selection only surfaces in later queries.
mysql_select_db(VELOCITY);
//=========================================================================================================================================
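/**
 * Print the employee edit form, which POSTs to editemployee.php.
 *
 * Field values come from the submitted POST data when an edit form is being
 * re-displayed, otherwise from the Users row returned by getUserNameFromDB().
 * Both sources are untrusted as far as HTML is concerned (a stored name can
 * contain quotes or angle brackets just as a posted one can), so every value is
 * HTML-escaped before it is placed inside an attribute.
 *
 * @param string $submitname Label of the submit button.
 * @param mixed  $function   Mode constant (EDITFUNCTION, ADDFUNCTION, INQUIREFUNCTION; defined outside this file).
 * @return void The form is written to the output with print.
 */
function showUserForm($submitname, $function)
{
   global $errmsg;

   // Re-display of a submitted edit form keeps what the user typed; any other
   // call loads the current row for the posted hostuserid from the database.
   $useposted = (isset($_POST["FirstName"])) && ($function == EDITFUNCTION);
   $source = $useposted ? $_POST : getUserNameFromDB();

   // Escape once, up front. ENT_QUOTES also encodes single quotes so a value can
   // never terminate the attribute it is written into. Missing keys and
   // non-scalar values (e.g. FirstName[]=x) become an empty string.
   $safe = array();
   foreach (array("SignatureID", "FirstName", "LastName") as $key)
   {
      $raw = isset($source[$key]) ? $source[$key] : "";
      $safe[$key] = htmlspecialchars(is_scalar($raw) ? (string)$raw : "", ENT_QUOTES);
   }

   // hostuserid always comes from the request, in both branches.
   $rawhostuserid = isset($_POST["hostuserid"]) ? $_POST["hostuserid"] : "";
   $safe["hostuserid"] = htmlspecialchars(is_scalar($rawhostuserid) ? (string)$rawhostuserid : "", ENT_QUOTES);

   // Red asterisk shown next to the labels of required fields.
   $required = ($function == ADDFUNCTION || $function == EDITFUNCTION) ? '<font color="red">*</font>' : '';

   $formshow  = '<FORM METHOD="POST" ACTION="editemployee.php">';

   // NOTE(review): $errmsg is emitted verbatim. Within this file it only ever holds
   // fixed strings; confirm no other writer puts request data into it.
   $formshow .= '<font color=red>'.$errmsg.'<br><br><br></font>';
   $formshow .= '<TABLE BORDER="0"><TR>';

   // READONLY is only a browser hint: the posted hostuserid remains fully
   // client-controlled, so the save path has to authorize it server-side.
   $formshow .= '<TD width="250">Host User ID</TD>';
   $formshow .= '<TD><INPUT TYPE="TEXT" ID="hostuserid" Name = "hostuserid" SIZE="40" value="'.$safe["hostuserid"].'" READONLY></TD></TR>';
   //------------------------------------------------------------------------
   // The original omitted the opening <TR> of this row and the closing ">" of
   // the three INPUT tags below; both are restored here.
   $formshow .= '<TR><TD width="250">First Name'.$required.'</TD>';
   $formshow .= '<TD><INPUT TYPE="TEXT" ID="FirstName" Name = "FirstName" SIZE="40" value="'.$safe["FirstName"].'"></TD></TR>';
   //------------------------------------------------------------------------
   $formshow .= '<TR><TD width="250">Last Name'.$required.'</TD>';
   $formshow .= '<TD><INPUT TYPE="TEXT" NAME="LastName" SIZE="40" value="'.$safe["LastName"].'"></TD></TR>';
   //------------------------------------------------------------------------
   $formshow .= '<TR><TD width="250">Employee ID'.$required.'</TD>';
   $formshow .= '<TD><INPUT TYPE="TEXT" NAME="SignatureID" SIZE="40" value="'.$safe["SignatureID"].'"></TD></TR>';
   //------------------------------------------------------------------------

   $formshow .= '</TABLE></br>';
   $formshow .= '<font size=2; color=red> * The following fields are Required</font>';

   // No submit button once the record has been saved or in inquiry mode.
   // NOTE(review): userSaved is a bare constant name not defined in this file; confirm
   // it is defined by an include (an undefined constant is a fatal error on PHP 8).
   if (($errmsg != userSaved) && ($function != INQUIREFUNCTION))
   {
      $formshow .= '<P ALIGN=CENTER><BR><BR><INPUT TYPE="SUBMIT" VALUE="'.htmlspecialchars((string)$submitname, ENT_QUOTES).'" NAME="submit"></P>';
   }

   $formshow .= '</FORM>';

   print $formshow;
}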
//=========================================================================================================================================
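/**
 * Print the employee picker: a form with one SELECT of all users and a submit button.
 *
 * @param string $submitname Label of the submit button.
 * @param mixed  $function   Mode constant; EDITFUNCTION targets editemployee.php.
 * @return void The form is written to the output with print.
 */
function showEmpList($submitname, $function)
{
   global $errmsg;

   // Only edit mode has a target page. The original left the ACTION attribute
   // and the FORM tag unterminated for every other mode, which swallowed the
   // markup that follows; an empty action (post back to the current URL) keeps
   // the tag well-formed.
   $action = ($function == EDITFUNCTION) ? 'editemployee.php' : '';
   $formshow  = '<FORM METHOD="POST" ACTION="'.$action.'">';

   // NOTE(review): $errmsg is emitted verbatim. Within this file it only ever holds
   // fixed strings; confirm no other writer puts request data into it.
   $formshow .= '<font color=red>'.$errmsg.'<br><br><br></font>';
   $formshow .= '<TABLE BORDER="0"><TR>';
   $formshow .= '<TD width="250">Employee</TD>';
   $formshow .= '<TD><SELECT name="hostuserid">';
   // The option list is built from database rows by EmpListFromDBToSelect();
   // its HTML safety depends on that function escaping the row values.
   $formshow .= EmpListFromDBToSelect();
   $formshow .= '</SELECT></TD></TR>';
   $formshow .= '</TABLE>';
   $formshow .= '<P ALIGN=CENTER><BR><BR><INPUT TYPE="SUBMIT" VALUE="'.htmlspecialchars((string)$submitname, ENT_QUOTES).'" NAME="submit"></P>';
   $formshow .= '</FORM>';

   print $formshow;
}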
//=========================================================================================================================================
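/**
 * Check that the posted hostuserid is consistent with the requested action.
 *
 * Sets the global $errmsg and returns false when an add targets an existing
 * user or an edit targets a missing one; returns true otherwise.
 *
 * @param string $submitname Not used by this function; the action is read from $_POST["submit"].
 * @return bool
 */
function validateUserForm($submitname)
{
   global $link;
   global $errmsg;

   $errmsg = '';

   $rawid = isset($_POST["hostuserid"]) ? $_POST["hostuserid"] : '';
   $hostuserid = is_scalar($rawid) ? (string)$rawid : '';
   $submit = isset($_POST["submit"]) ? $_POST["submit"] : null;

   // mysql_real_escape_string() escapes for the connection's character set;
   // addslashes() does not, and can be bypassed with some multibyte encodings.
   // NOTE(review): the legacy mysql extension has no prepared statements and was removed
   // in PHP 7; moving to PDO or mysqli with bound parameters is the durable fix.
   $result=mysql_query("select * from Users where HostUserId='".mysql_real_escape_string($hostuserid, $link)."'",$link);

   if (!$result)
   {
      // Keep the driver error in the server log instead of sending it to the browser.
      error_log("validateUserForm: ".mysql_error($link));
      die("Mysql Select User DB error...");
   }

   $matches = mysql_num_rows($result);

   if (($matches > 0) && ($submit == ADDUSERSUBMITTEXT))
   {
      $errmsg = "User already exist...";
      return(false);
   }

   if (($matches == 0) && ($submit == EDITEMPSUBMITTEXT))
   {
      $errmsg = "ID does not exist...";
      return(false);
   }

   return(true);
}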
//=========================================================================================================================================
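/**
 * Insert a new Users row from the posted username, fullname and password.
 *
 * Terminates the request with die() when the insert fails.
 *
 * @return void
 */
function addUserToDB()
{
   global $link;

   $username = isset($_POST["username"]) ? (string)$_POST["username"] : '';
   $fullname = isset($_POST["fullname"]) ? (string)$_POST["fullname"] : '';
   $password = isset($_POST["password"]) ? (string)$_POST["password"] : '';

   // NOTE(review): the password is passed through addslashes() BEFORE hashing, so the
   // stored hash is of the slash-escaped text. That is kept as-is because the login
   // check (not visible here) presumably hashes the same way; changing one side
   // alone would lock out users whose passwords contain quotes or backslashes.
   // NOTE(review): hashstring() lives in hash.php and its algorithm is not visible here;
   // confirm it is a salted, slow password hash (password_hash() or equivalent).
   $passwordhash = hashstring(addslashes($password));

   // Escape every value for the connection's character set, including the hash
   // output, which the original concatenated into the statement unescaped.
   $sql  = "insert into Users set UserLogin = '".mysql_real_escape_string($username, $link)."',";
   $sql .= "UserName = '".mysql_real_escape_string($fullname, $link)."',";
   $sql .= "Password = '".mysql_real_escape_string((string)$passwordhash, $link)."'";

   $result=mysql_query($sql,$link);

   if (!$result)
   {
      // The original echoed the whole statement, password hash and unescaped
      // request data included, to the browser. Log the driver error server-side
      // and show only the fixed message.
      error_log("addUserToDB: ".mysql_error($link));
      die("Mysql Add user to DB error...");
   }
}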
//=========================================================================================================================================
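/**
 * Update SignatureID, FirstName and LastName of the Users row whose HostUserId
 * matches the posted hostuserid.
 *
 * Terminates the request with die() when the update fails.
 *
 * NOTE(review): the row to change is chosen purely by the posted hostuserid, and no
 * authorization or CSRF check is visible in this function; confirm the caller
 * enforces both before this runs.
 *
 * @return void
 */
function updateUserToDB()
{
   global $link;

   // Read and escape each posted field for the connection's character set.
   $values = array();
   foreach (array("SignatureID", "FirstName", "LastName", "hostuserid") as $key)
   {
      $raw = isset($_POST[$key]) ? $_POST[$key] : '';
      $values[$key] = mysql_real_escape_string(is_scalar($raw) ? (string)$raw : '', $link);
   }

   // Table name spelled "Users" like every other query in this file; MySQL table
   // names are case-sensitive on case-sensitive filesystems.
   $sql  = "update Users set ";
   $sql .= "SignatureID = '".$values["SignatureID"]."' ";
   $sql .= ",FirstName = '".$values["FirstName"]."' ";
   $sql .= ",LastName = '".$values["LastName"]."' ";
   $sql .= "where HostUserId='".$values["hostuserid"]."'";

   $result=mysql_query($sql,$link);

   if (!$result)
   {
      // Do not echo the statement (it carries request data) to the browser.
      error_log("updateUserToDB: ".mysql_error($link));
      die("Mysql Update user to DB error...");
   }
}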
//=========================================================================================================================================
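/**
 * Build the OPTION elements for the employee picker, one per Users row,
 * ordered by hostuserid.
 *
 * Row values are HTML-escaped: names stored in the database were typed by
 * users and would otherwise be rendered as markup in every page that shows
 * the list.
 *
 * @return string Concatenated OPTION tags (empty string when there are no rows).
 */
function EmpListFromDBToSelect()
{
   global $link;

   $sql  = "select hostuserid, SignatureID, FirstName, LastName from Users order by hostuserid";

   $result=mysql_query($sql,$link);

   if (!$result)
   {
      // Keep the driver error in the server log instead of sending it to the browser.
      error_log("EmpListFromDBToSelect: ".mysql_error($link));
      die("Mysql List user to DB error...");
   }

   $select = "";

   while($data=mysql_fetch_array($result,MYSQL_ASSOC))
   {
      $id    = htmlspecialchars((string)$data["hostuserid"], ENT_QUOTES);
      $last  = htmlspecialchars((string)$data["LastName"], ENT_QUOTES);
      $first = htmlspecialchars((string)$data["FirstName"], ENT_QUOTES);

      $select .= '<option value="'.$id.'">';
      $select .= $id.' - '.$last.' , '.$first.'</option>';
   }

   return($select);
}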
//=========================================================================================================================================
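/**
 * Fetch the Users row whose HostUserId matches the posted hostuserid.
 *
 * Terminates the request with die() when the query fails or no row matches.
 *
 * @return array Associative array of the row's columns. The query uses
 *               "select *", so this includes every column of Users.
 */
function getUserNameFromDB()
{
   global $link;

   $rawid = isset($_POST["hostuserid"]) ? $_POST["hostuserid"] : '';
   $hostuserid = is_scalar($rawid) ? (string)$rawid : '';

   // mysql_real_escape_string() escapes for the connection's character set;
   // addslashes() does not, and can be bypassed with some multibyte encodings.
   $result=mysql_query("select * from Users where HostUserId='".mysql_real_escape_string($hostuserid, $link)."'",$link);

   if (!$result)
   {
      die("Mysql Select User DB error...");
   }

   if (mysql_num_rows($result) == 0)
   {
      die("DB Error...");
   }

   // NOTE(review): Users also has a Password column (written by addUserToDB), so the
   // returned row carries the password hash; callers should not expose it.
   $data=mysql_fetch_array($result,MYSQL_ASSOC);

   return($data);
}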
//=========================================================================================================================================
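/**
 * Delete the Users row whose UserLogin matches the posted username.
 *
 * Terminates the request with die() when the statement fails. A delete that
 * matches no row is not treated as an error.
 *
 * NOTE(review): the row to delete is chosen purely by the posted username, and no
 * authorization or CSRF check is visible in this function; confirm the caller
 * enforces both before this runs.
 *
 * @return void
 */
function deleteUserFromDB()
{
   global $link;

   $rawname = isset($_POST["username"]) ? $_POST["username"] : '';
   $username = is_scalar($rawname) ? (string)$rawname : '';

   // mysql_real_escape_string() escapes for the connection's character set;
   // addslashes() does not, and can be bypassed with some multibyte encodings.
   $result=mysql_query("delete from Users where UserLogin='".mysql_real_escape_string($username, $link)."'",$link);

   if (!$result)
   {
      // The original message said "Select" for a failed delete.
      die("Mysql Delete User DB error...");
   }

   // mysql_num_rows() only applies to result sets; use mysql_affected_rows($link)
   // if "nothing was deleted" ever needs to be reported.
}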
?>
